The following updates has been released for Ubuntu Linux:
USN-3957-1: MySQL vulnerabilities
USN-3958-1: GStreamer Base Plugins vulnerability
USN-3959-1: Evince vulnerability
USN-3957-1: MySQL vulnerabilities
USN-3958-1: GStreamer Base Plugins vulnerability
USN-3959-1: Evince vulnerability
USN-3957-1: MySQL vulnerabilities
==========================================================================
Ubuntu Security Notice USN-3957-1
April 29, 2019
mysql-5.7 vulnerabilities
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Several security issues were fixed in MySQL.
Software Description:
- mysql-5.7: MySQL database
Details:
Multiple security issues were discovered in MySQL and this update includes
a new upstream MySQL version to fix these issues.
Ubuntu 16.04 LTS, Ubuntu 18.04 LTS, Ubuntu 18.10, and Ubuntu 19.04 have
been updated to MySQL 5.7.26.
In addition to security fixes, the updated packages contain bug fixes, new
features, and possibly incompatible changes.
Please see the following for more information:
https://dev.mysql.com/doc/relnotes/mysql/5.7/en/news-5-7-26.html
https://www.oracle.com/technetwork/security-advisory/cpuapr2019-5072813.html
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
mysql-server-5.7 5.7.26-0ubuntu0.19.04.1
Ubuntu 18.10:
mysql-server-5.7 5.7.26-0ubuntu0.18.10.1
Ubuntu 18.04 LTS:
mysql-server-5.7 5.7.26-0ubuntu0.18.04.1
Ubuntu 16.04 LTS:
mysql-server-5.7 5.7.26-0ubuntu0.16.04.1
This update uses a new upstream release, which includes additional bug
fixes. In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3957-1
CVE-2019-2566, CVE-2019-2581, CVE-2019-2592, CVE-2019-2614,
CVE-2019-2627, CVE-2019-2628, CVE-2019-2632, CVE-2019-2683
Package Information:
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.26-0ubuntu0.19.04.1
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.26-0ubuntu0.18.10.1
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.26-0ubuntu0.18.04.1
https://launchpad.net/ubuntu/+source/mysql-5.7/5.7.26-0ubuntu0.16.04.1
USN-3958-1: GStreamer Base Plugins vulnerability
==========================================================================
Ubuntu Security Notice USN-3958-1
April 29, 2019
gst-plugins-base0.10, gst-plugins-base1.0 vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
GStreamer Base Plugins could be made to crash or run programs if it
received specially crafted network traffic.
Software Description:
- gst-plugins-base1.0: GStreamer plugins
- gst-plugins-base0.10: GStreamer plugins
Details:
It was discovered that GStreamer Base Plugins did not correctly handle
certain malformed RTSP streams. If a user were tricked into opening a
crafted RTSP stream with a GStreamer application, an attacker could cause a
denial of service via application crash, or possibly execute arbitrary
code.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 18.10:
gstreamer1.0-plugins-base 1.14.4-1ubuntu1.1
Ubuntu 18.04 LTS:
gstreamer1.0-plugins-base 1.14.1-1ubuntu1~ubuntu18.04.2
Ubuntu 16.04 LTS:
gstreamer0.10-plugins-base 0.10.36-2ubuntu0.2
gstreamer1.0-plugins-base 1.8.3-1ubuntu0.3
In general, a standard system update will make all the necessary changes.
References:
https://usn.ubuntu.com/usn/usn-3958-1
CVE-2019-9928
Package Information:
https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.14.4-1ubuntu1.1
https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.14.1-1ubuntu1~ubuntu18.04.2
https://launchpad.net/ubuntu/+source/gst-plugins-base0.10/0.10.36-2ubuntu0.2
https://launchpad.net/ubuntu/+source/gst-plugins-base1.0/1.8.3-1ubuntu0.3
USN-3959-1: Evince vulnerability
==========================================================================
Ubuntu Security Notice USN-3959-1
April 29, 2019
evince vulnerability
==========================================================================
A security issue affects these releases of Ubuntu and its derivatives:
- Ubuntu 19.04
- Ubuntu 18.10
- Ubuntu 18.04 LTS
- Ubuntu 16.04 LTS
Summary:
Evince could be made to expose sensitive information if it received
a specially crafted file.
Software Description:
- evince: Document viewer
Details:
It was discovered that Evince incorrectly handled certain images.
An attacker could possibly use this issue to expose sensitive
information.
Update instructions:
The problem can be corrected by updating your system to the following
package versions:
Ubuntu 19.04:
evince 3.32.0-1ubuntu0.1
evince-common 3.32.0-1ubuntu0.1
Ubuntu 18.10:
evince 3.30.1-1ubuntu1.3
evince-common 3.30.1-1ubuntu1.3
Ubuntu 18.04 LTS:
evince 3.28.4-0ubuntu1.1
evince-common 3.28.4-0ubuntu1.1
Ubuntu 16.04 LTS:
evince 3.18.2-1ubuntu4.4
evince-common 3.18.2-1ubuntu4.4
In general, a standard system update will make all the necessary
changes.
References:
https://usn.ubuntu.com/usn/usn-3959-1
CVE-2019-11459
Package Information:
https://launchpad.net/ubuntu/+source/evince/3.32.0-1ubuntu0.1
https://launchpad.net/ubuntu/+source/evince/3.30.1-1ubuntu1.3
https://launchpad.net/ubuntu/+source/evince/3.28.4-0ubuntu1.1
https://launchpad.net/ubuntu/+source/evince/3.18.2-1ubuntu4.4
